Tech Support Forum

Discussion Starter · #1 · Registered · 33 Posts
Hi Guys

As the title says, I'm experiencing browser redirection issues. It happens in both the Firefox and Internet Explorer browsers. Both browsers are on the latest version.

I have been asked by 'chemist' here to post a few logs.

Please find the DDS log embedded in the thread and the other one as an attachment.

Thanks in advance


DDS (Ver_09-12-01.01) - NTFSx86
Run by Zahra at 15:26:29.33 on 07/12/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.1033 [GMT 0:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Zahra\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [DSS] c:\windows\ConfigNetDos32.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [Time Zones for PCs] c:\program files\digital design ltd\time zones for pcs\TZPC.EXE
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [HWSetup] \HWSetup.exe hwSetUP
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [Media Codec Update Service] c:\program files\essentials codec pack\update.exe -silent
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Nitro PDF Printer Monitor] "c:\program files\nitro pdf\professional\NitroPDFPrinterMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
StartupFolder: c:\users\zahra\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\zahra\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {7473ADE0-42A8-4C78-AC92-365A9277BE89} = 194.168.4.100,194.168.8.100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\zahra\appdata\roaming\mozilla\firefox\profiles\95r9j6ib.default\
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 CplIR;Embedded IR Driver;c:\windows\system32\drivers\CplIR.sys [2007-3-6 14848]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\drivers\iaNvStor.sys [2007-4-13 210432]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\drivers\BdfNdisf6.sys [2009-8-6 72200]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2009-4-1 83208]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-6-29 152456]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-3-27 23064]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-6-25 183880]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\common files\bcl technologies\easypdf 5\bepldr.exe [2007-8-22 151552]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-18 21504]
S3 INQ1usbser;INQ1 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\INQ1usbser.sys [2009-3-9 103680]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-6-5 19160]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2008-2-24 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2008-2-24 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2008-2-24 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2008-2-24 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2008-2-24 98568]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-6-5 276816]

=============== Created Last 30 ================

2009-12-06 22:56:32 0 d-----w- c:\program files\IZArc
2009-12-06 20:49:34 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-12-06 20:32:27 0 d-----w- c:\program files\Trend Micro
2009-12-06 03:29:19 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-06 03:28:52 0 d-----w- c:\users\zahra\appdata\roaming\SUPERAntiSpyware.com
2009-12-06 03:28:52 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-06 03:13:28 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-05 19:05:04 0 d-----w- c:\program files\Sophos
2009-12-04 15:45:22 0 ----a-w- c:\windows\system32\wsbl.dat
2009-12-04 15:45:22 0 ----a-w- c:\windows\system32\ph_white.dat
2009-12-04 15:45:22 0 ----a-w- c:\windows\system32\ph_summ.dat
2009-12-04 15:45:22 0 ----a-w- c:\windows\system32\ph_spoof.sig
2009-12-04 15:45:22 0 ----a-w- c:\windows\system32\ph_sign.slf
2009-12-04 15:45:22 0 ----a-w- c:\windows\system32\ph_fuzzy.sig
2009-12-04 15:45:22 0 ----a-w- c:\windows\system32\ph_black.dat
2009-12-04 15:45:22 0 ----a-w- c:\windows\system32\pcwords2.dat
2009-12-04 15:45:22 0 ----a-w- c:\windows\system32\pcwords.dat
2009-12-04 15:45:22 0 ----a-w- c:\windows\system32\pc_sign.slf
2009-12-04 15:45:22 0 ----a-w- c:\windows\system32\ab_sbl.sig
2009-12-04 06:03:24 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-12-04 01:42:24 850 ----a-w- c:\windows\system32\ProductTweaks.xml
2009-12-04 01:42:23 385 ----a-w- c:\windows\system32\user_gensett.xml
2009-12-04 01:15:37 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-12-04 01:15:37 16 ----a-w- c:\windows\system32\asdict.dat
2009-12-04 01:15:37 0 ----a-w- c:\windows\system32\ab_bl.sig
2009-12-04 00:57:02 0 d-----w- c:\users\zahra\appdata\roaming\BitDefender
2009-12-04 00:56:11 0 d-----w- c:\programdata\BitDefender
2009-12-04 00:56:11 0 d-----w- c:\program files\BitDefender
2009-12-04 00:52:59 0 d-----w- c:\program files\common files\BitDefender
2009-12-03 22:47:05 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-03 21:07:13 0 d-----w- c:\programdata\PCSettings
2009-12-02 01:51:47 0 d-----w- c:\users\zahra\appdata\roaming\Screaming Bee
2009-12-02 01:41:54 0 d-----w- c:\programdata\Screaming Bee
2009-12-02 01:41:54 0 d-----w- c:\program files\Screaming Bee
2009-11-26 19:08:02 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 23:50:12 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 23:50:11 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 23:50:06 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-11-22 16:34:30 0 d-----w- c:\program files\DiskInternals
2009-11-17 23:45:07 0 d-----w- c:\program files\Windows Portable Devices
2009-11-17 23:44:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 23:30:02 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-17 23:26:30 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-17 23:26:29 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-17 23:26:29 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-17 23:24:57 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-11-17 23:23:08 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-17 23:23:07 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 23:23:07 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-14 19:23:02 0 d-----w- c:\windows\system32\eu-ES
2009-11-14 19:23:02 0 d-----w- c:\windows\system32\ca-ES
2009-11-14 19:23:00 0 d-----w- c:\windows\system32\vi-VN
2009-11-14 16:17:43 0 d-----w- c:\windows\system32\EventProviders
2009-11-13 10:03:59 99680 ----a-w- c:\windows\system32\infocardapi.dll
2009-11-13 10:02:59 95232 ----a-w- c:\windows\system32\SCardSvr.dll
2009-11-10 22:06:50 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 22:06:33 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-09 19:05:00 75776 ----a-w- c:\windows\system32\drivers\ser2pl.sys

==================== Find3M ====================

2009-12-04 06:03:04 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
2009-12-04 06:03:03 152456 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-12-04 06:02:27 72200 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2009-12-04 05:53:17 86016 ----a-w- c:\windows\inf\infpub.dat
2009-12-04 05:53:17 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-04 05:53:17 143360 ----a-w- c:\windows\inf\infstor.dat
2009-12-03 16:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-17 23:44:52 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-14 16:50:49 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:59:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 14:58:28 310784 ----a-w- c:\windows\system32\unregmp2.exe
2008-07-20 02:41:59 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 15:28:02.23 ===============
 

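The "Pseudo HJT Report" section of the DDS log above is a flat list of autorun (uRun/mRun), BHO and toolbar, policy, security-provider and name-server lines that a helper normally reads by hand. The Python below is an added example, not part of the post and not code from the DDS tool: it parses those line types and applies a few generic review heuristics (an autorun binary sitting directly in the Windows root, a BHO or toolbar whose DLL is gone, EnableLUA set to 0, a security provider reported disabled). The sample lines are copied from the log in the post; the heuristics, the `Finding` type and the helper names (`triage`, `executable_of`, `classify_location`, `dns_servers`) are the example author's own assumptions. A hit means "look closer", not that the entry is malicious.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

Added example: not part of the forum post and not DDS's own code. The review
heuristics below are the example author's assumptions about what deserves a
second look; a hit is a prompt for a human, not a verdict on any entry.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS log posted in the thread.
SAMPLE_LINES = [
    r"SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}",
    r"BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll",
    r"BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File",
    r"TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File",
    r"uRun: [TOSCDSPD] TOSCDSPD.EXE",
    r"uRun: [DSS] c:\windows\ConfigNetDos32.exe",
    r"mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r'mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"',
    r"mPolicies-system: EnableLUA = 0 (0x0)",
    r"TCP: {7473ADE0-42A8-4C78-AC92-365A9277BE89} = 194.168.4.100,194.168.8.100",
]


@dataclass(frozen=True)
class Finding:
    severity: str  # "review" needs a human look, "info" is context
    kind: str
    detail: str


# DDS conventions as read from the log: uRun/mRun = Run key in the user / machine
# hive; BHO and TB lines carry a CLSID and either a DLL path or "No File".
RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
COM_RE = re.compile(r"^(?P<kind>BHO|TB): (?:(?P<name>.*?): )?\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
POLICY_RE = re.compile(r"^mPolicies-(?P<key>\w+): (?P<value>\w+) = (?P<data>\S+)")
SP_RE = re.compile(r"^SP: (?P<name>.+?) \*(?P<state>enabled|disabled)\*")
TCP_RE = re.compile(r"^TCP: \{(?P<iface>[0-9A-Fa-f-]+)\} = (?P<servers>.+)$")

# Assumed policy values worth a look (real HKLM policy names; the watch list is mine).
POLICY_WATCH = {"EnableLUA": "0", "DisableTaskMgr": "1", "DisableRegistryTools": "1"}
WINDOWS_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.I)
SCRATCH_DIR_RE = re.compile(r"\\(temp|\$recycle\.bin)\\", re.I)


def executable_of(cmd: str) -> str:
    """Return the executable part of a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):  # quoted path; arguments follow the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    tokens = cmd.split(" ")  # unquoted paths may contain spaces: join up to the .exe token
    for i, tok in enumerate(tokens):
        if tok.lower().endswith(".exe"):
            return " ".join(tokens[: i + 1])
    return tokens[0]


def classify_location(exe: str):
    """Heuristic (assumption, not DDS logic) on where an autorun binary lives."""
    if WINDOWS_ROOT_RE.match(exe):
        return "review", "executable directly in the Windows root rather than system32 or Program Files"
    if SCRATCH_DIR_RE.search(exe):
        return "review", "executable in a temp or recycle-bin directory"
    if "\\" not in exe:
        return "info", "bare file name, resolved through the search path"
    return None


def parse_line(line: str) -> list:
    """Map one DDS line to zero or more findings."""
    line = line.rstrip()
    if m := RUN_RE.match(line):
        exe = executable_of(m["cmd"])
        hit = classify_location(exe)
        hive = "HKCU" if m["hive"] == "u" else "HKLM"
        return [Finding(hit[0], "autorun-location", f"{hive} Run [{m['name']}] -> {exe}: {hit[1]}")] if hit else []
    if m := COM_RE.match(line):
        if m["path"].strip().lower() == "no file":
            return [Finding("info", "orphaned-com", f"{m['kind']} {{{m['clsid']}}} registered but its DLL is gone")]
        return []
    if m := POLICY_RE.match(line):
        if POLICY_WATCH.get(m["value"]) == m["data"]:
            return [Finding("review", "policy", f"{m['key']} {m['value']} = {m['data']}")]
        return []
    if m := SP_RE.match(line):
        if m["state"] == "disabled":
            return [Finding("review", "security-provider", f"{m['name']} reports disabled")]
        return []
    if m := TCP_RE.match(line):
        return [Finding("info", "name-servers", f"interface {m['iface']}: {m['servers']}")]
    return []


def triage(lines) -> list:
    """Run every line through parse_line and collect the findings."""
    return [f for line in lines for f in parse_line(line)]


def dns_servers(lines) -> list:
    """Name servers DDS recorded per interface, to compare with the ISP's known resolvers."""
    out = []
    for line in lines:
        if m := TCP_RE.match(line.rstrip()):
            out.extend(s.strip() for s in m["servers"].split(","))
    return out


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LINES), key=lambda f: f.severity):
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
```

Run against a full DDS.txt (`triage(open("DDS.txt").read().splitlines())`) the "review" items are the lines to check first; the "info" items (orphaned CLSIDs, bare file names, the configured name servers) are context that makes the rest of the log easier to read, and the name-server list is what you compare against your ISP's published resolvers when a redirection complaint is on the table.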

#2 · Premium Member · 39,718 Posts
Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.



Combofix
Download ComboFix from one of these locations:

Link 1
Link 2


and rename it to glasgow.exe before saving it to your desktop.

Double click on the renamed ComboFix.exe & follow the prompts.

  • When finished it will produce a log at C:\ComboFix.txt for you
  • Please include the log in your next reply.
 

Discussion Starter · #3 · Registered · 33 Posts
Hi Iain

Many thanks for helping me

Just to let you know, I had to run ComboFix in Safe Mode, as it did not work on a normal boot.

I'm experiencing a few issues when logging on to a normal boot. Basically I get the timer and it does not come out of it.

Here is the log you requested

ComboFix 09-12-09.04 - Zahra 10/12/2009 21:16:39.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.1265 [GMT 0:00]
Running from: c:\users\Zahra\Desktop\glasgow.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1044340984-3374458352-3868366472-500
c:\$recycle.bin\S-1-5-21-1700653990-396368735-3127266353-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3723424155-2836419890-3711988-500
c:\$recycle.bin\S-1-5-21-4275756875-3957324713-4263332724-500
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-10 to 2009-12-10 )))))))))))))))))))))))))))))))
.

2009-12-10 21:32 . 2009-12-10 21:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-10 21:32 . 2009-12-10 21:37 -------- d-----w- c:\users\Zahra\AppData\Local\temp
2009-12-10 21:03 . 2009-12-10 21:04 -------- d-----w- C:\32788R22FWJFW
2009-12-10 02:36 . 2009-10-27 14:11 834048 ----a-w- c:\windows\system32\wininet.dll
2009-12-10 02:35 . 2009-10-27 13:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-08 23:00 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-08 23:00 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-08 23:00 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-08 22:53 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-08 22:53 . 2009-12-08 22:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-08 22:53 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-08 22:35 . 2009-12-08 22:35 -------- d-----w- c:\program files\Java
2009-12-08 22:06 . 2009-12-08 22:06 -------- d-----w- c:\windows\tiinst
2009-12-08 21:31 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-08 21:31 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-06 22:56 . 2009-12-06 22:56 -------- d-----w- c:\program files\IZArc
2009-12-06 20:49 . 2009-12-06 20:49 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-12-06 20:32 . 2009-12-06 20:32 -------- d-----w- c:\program files\Trend Micro
2009-12-06 03:29 . 2009-12-06 03:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-06 03:28 . 2009-12-06 03:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-06 03:28 . 2009-12-06 03:28 -------- d-----w- c:\users\Zahra\AppData\Roaming\SUPERAntiSpyware.com
2009-12-06 03:13 . 2009-12-06 03:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-05 19:05 . 2009-12-05 19:05 -------- d-----w- c:\program files\Sophos
2009-12-04 15:45 . 2009-12-04 15:45 0 ----a-w- c:\windows\system32\wsbl.dat
2009-12-04 15:45 . 2009-12-04 15:45 0 ----a-w- c:\windows\system32\ph_white.dat
2009-12-04 15:45 . 2009-12-04 15:45 0 ----a-w- c:\windows\system32\ph_summ.dat
2009-12-04 15:45 . 2009-12-04 15:45 0 ----a-w- c:\windows\system32\ph_black.dat
2009-12-04 15:45 . 2009-12-04 15:45 0 ----a-w- c:\windows\system32\pcwords2.dat
2009-12-04 15:45 . 2009-12-04 15:45 0 ----a-w- c:\windows\system32\pcwords.dat
2009-12-04 06:03 . 2009-12-10 21:32 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-12-04 01:15 . 2009-12-04 01:15 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-12-04 01:15 . 2009-12-04 01:15 16 ----a-w- c:\windows\system32\asdict.dat
2009-12-04 00:57 . 2009-12-04 00:57 -------- d-----w- c:\users\Zahra\AppData\Roaming\BitDefender
2009-12-04 00:56 . 2009-12-04 05:50 -------- d-----w- c:\programdata\BitDefender
2009-12-04 00:56 . 2009-12-04 00:56 -------- d-----w- c:\program files\BitDefender
2009-12-04 00:52 . 2009-12-04 13:34 -------- d-----w- c:\program files\Common Files\BitDefender
2009-12-03 22:47 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-03 21:07 . 2009-12-03 21:07 -------- d-----w- c:\programdata\PCSettings
2009-12-02 01:51 . 2009-12-02 01:51 -------- d-----w- c:\users\Zahra\AppData\Roaming\Screaming Bee
2009-12-02 01:41 . 2009-12-02 01:44 -------- d-----w- c:\programdata\Screaming Bee
2009-11-26 19:08 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 23:50 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 23:50 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-22 16:34 . 2009-11-22 16:34 -------- d-----w- c:\program files\DiskInternals
2009-11-17 23:45 . 2009-11-17 23:45 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 23:26 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-17 23:26 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-17 23:26 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-17 23:24 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-11-17 23:24 . 2009-10-01 01:01 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-11-17 23:24 . 2009-10-01 01:01 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-11-17 23:24 . 2009-10-01 01:01 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-11-17 23:24 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-11-17 23:24 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-11-17 23:24 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-11-17 23:24 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-11-17 23:24 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-11-17 23:24 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-11-17 23:24 . 2009-10-01 01:01 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-11-17 23:24 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-11-17 23:24 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-11-17 23:23 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-17 23:23 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 23:23 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-14 19:23 . 2009-11-14 19:24 -------- d-----w- c:\windows\system32\ca-ES
2009-11-14 19:23 . 2009-11-14 19:24 -------- d-----w- c:\windows\system32\eu-ES
2009-11-14 19:23 . 2009-11-14 19:24 -------- d-----w- c:\windows\system32\vi-VN
2009-11-14 16:17 . 2009-11-14 16:17 -------- d-----w- c:\windows\system32\EventProviders
2009-11-13 10:03 . 2009-04-11 06:28 406528 ----a-w- c:\windows\system32\msvcp60.dll
2009-11-13 10:02 . 2009-04-11 06:28 657408 ----a-w- c:\windows\system32\WMVXENCD.DLL
2009-11-10 22:06 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 22:06 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 23:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-08 23:03 . 2007-11-13 19:28 -------- d-----w- c:\programdata\Microsoft Help
2009-12-08 22:35 . 2009-01-15 13:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-08 22:07 . 2007-04-13 15:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-08 00:26 . 2009-12-06 03:31 117760 ----a-w- c:\users\Zahra\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-06 18:10 . 2008-04-13 20:19 -------- d-----w- c:\program files\Bouquet Wizard
2009-12-05 17:34 . 2007-11-17 12:32 -------- d-----w- c:\users\Zahra\AppData\Roaming\uTorrent
2009-12-04 13:30 . 2009-01-02 23:53 -------- d-----w- c:\program files\Total Video Converter
2009-12-04 13:30 . 2007-04-13 16:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-04 13:30 . 2007-11-07 20:14 -------- d-----w- c:\program files\Camera Assistant Software for Toshiba
2009-12-04 06:03 . 2009-06-29 14:12 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
2009-12-04 06:03 . 2009-06-29 14:12 152456 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-12-04 06:02 . 2009-08-06 16:34 72200 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2009-11-17 23:44 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 23:44 . 2009-11-17 23:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 23:30 . 2009-11-17 23:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-14 19:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-11-14 19:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-11-14 19:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-11-14 19:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-11-14 19:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-11-14 19:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-11-11 22:25 . 2007-11-12 18:09 -------- d-----w- c:\users\Zahra\AppData\Roaming\Skype
2009-11-11 22:10 . 2007-11-27 20:10 -------- d-----w- c:\users\Zahra\AppData\Roaming\skypePM
2009-11-11 21:57 . 2009-02-27 16:18 -------- d-----w- c:\program files\Microsoft
2009-11-08 19:46 . 2007-04-13 16:45 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-01 01:02 . 2009-11-17 23:25 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-17 23:25 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-17 23:25 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-25 02:10 . 2009-11-17 23:25 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-17 23:25 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-17 23:25 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-17 23:25 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-17 23:25 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-17 23:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-17 23:25 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-17 23:25 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-17 23:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-17 23:25 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-17 23:25 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-17 23:25 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-17 23:25 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-17 23:25 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-17 23:25 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-17 23:25 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-17 23:25 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-17 23:25 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-17 23:25 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-17 23:25 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-17 23:25 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-17 23:25 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-17 23:25 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-17 23:25 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-17 23:25 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-17 23:25 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-17 23:25 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-14 09:29 . 2009-10-16 16:48 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-12-04 06:02 . 2009-12-04 01:06 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020" [X]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe -hide" [X]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL" [X]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup" [X]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe -silent" [X]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-03 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-03 133912]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 509496]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"NDSTray.exe"="NDSTray.exe" [BU]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-03-13 33048]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2007-10-31 204800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2009-12-04 1118144]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-12-04 71152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-08 149280]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-03 429392]

c:\users\Zahra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2007-11-13 557568]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-2-27 2756608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d0,d3,6d,84,61,65,ca,01

R0 CplIR;Embedded IR Driver;c:\windows\System32\drivers\CplIR.sys [06/03/2007 14:01 14848]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [13/04/2007 15:29 210432]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\System32\drivers\BdfNdisf6.sys [06/08/2009 16:34 72200]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 08:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 08:43 74480]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [01/04/2009 11:25 83208]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/12/2009 22:53 276816]
R3 BDFM;BDFM;c:\windows\System32\drivers\bdfm.sys [29/06/2009 14:12 152456]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [08/12/2009 22:53 19160]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 15:40 3668480]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [25/06/2009 16:04 183880]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [22/08/2007 15:19 151552]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [18/07/2008 20:29 21504]
S3 INQ1usbser;INQ1 USB Device for Legacy Serial Communication;c:\windows\System32\drivers\INQ1usbser.sys [09/03/2009 23:50 103680]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\System32\drivers\s115bus.sys [24/02/2008 02:07 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\System32\drivers\s115mdfl.sys [24/02/2008 02:07 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\System32\drivers\s115mdm.sys [24/02/2008 02:07 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s115mgmt.sys [24/02/2008 02:08 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\System32\drivers\s115obex.sys [24/02/2008 02:08 98568]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 08:43 7408]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [27/03/2009 13:23 23064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bdx REG_MULTI_SZ scan
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN
TCP: {7473ADE0-42A8-4C78-AC92-365A9277BE89} = 194.168.4.100,194.168.8.100
FF - ProfilePath - c:\users\Zahra\AppData\Roaming\Mozilla\Firefox\Profiles\2ur7lm4w.default\
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKCU-Run-DSS - c:\windows\ConfigNetDos32.exe
HKCU-Run-Time Zones for PCs - c:\program files\Digital Design Ltd\Time Zones for PCs\TZPC.EXE
HKLM-Run-IgfxTray - c:\windows\system32\igfxtray.exe
HKLM-Run-HWSetup - \HWSetup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-10 21:36
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys >>UNKNOWN [0x91EE1E31]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x89917d24
\Driver\ACPI -> acpi.sys @ 0x80691d68
\Driver\atapi -> ataport.SYS @ 0x84511a2c
\Driver\iaStor -> iaStor.sys @ 0x84448d24
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->
**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2616.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,1e,d4,dc,f9,21,a8,40,83,37,b4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,1e,d4,dc,f9,21,a8,40,83,37,b4,\

[HKEY_USERS\S-1-5-21-1523817061-2610818172-2760025777-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{87D7C97D-6D24-DF5C-C9BF-282AB38F4D34}*]
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1523817061-2610818172-2760025777-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ADF14159-3E79-D2AF-D9DC-1D4E2BA5E0C7}*]
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2010\vsserv.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\BitDefender\BitDefender 2010\seccenter.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\ehome\ehmsas.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-12-10 21:48:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-10 21:47

Pre-Run: 43,486,306,304 bytes free
Post-Run: 43,507,294,208 bytes free

- - End Of File - - C000ED7FC4B29866E16A8C5C579462EF
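The log above contains the three things a helper reads first: the Gmer MBR detector's user-mode read failing while the kernel read succeeds (with an unidentified module in the disk call chain), UAC switched off (EnableLUA = 0), and Security Center monitoring disabled. As an added example, not part of this thread and not ComboFix's or Gmer's own code, here is a small Python triage script that pulls those indicators out of a log in this format. The sample log text inside it is constructed, modelled on the lines posted above; the finding names and severities are this example's own.

```python
"""Triage helper for ComboFix / Gmer-style log text (added example, not thread code)."""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the log lines in the post above. A raw string
# keeps the Windows backslashes intact.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe -hide" [X]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-03 154392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys >>UNKNOWN [0x91EE1E31]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x89917d24
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (this example's own scale)
    kind: str
    detail: str


SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")            # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*?)\s*$')  # "name"=value
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^\\Driver\\(\S+) -> (\S+) @ (0x[0-9A-Fa-f]+)", re.M)


def iter_registry(text):
    """Yield (key, name, value) for every "name"=value line under a [key] header."""
    key = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group("name"), m.group("value")


def registry_findings(text):
    """Flag the registry indicators: missing autorun targets, UAC off, Security Center muted."""
    findings = []
    for key, name, value in iter_registry(text):
        k = key.lower()
        if k.endswith(r"\currentversion\run") and value.endswith("[X]"):
            # ComboFix appends [X] to a Run value it could not match to a file on disk.
            findings.append(Finding("low", "autorun-missing-file", f"{name}: {value}"))
        elif k.endswith(r"\policies\system") and name == "EnableLUA" and value.split()[:1] == ["0"]:
            findings.append(Finding("medium", "uac-disabled", f"{key}\\{name} = {value}"))
        elif r"\security center\monitoring" in k and name == "DisableMonitoring" \
                and value.lower() == "dword:00000001":
            findings.append(Finding("medium", "security-center-monitoring-off", key))
    return findings


def mbr_findings(text):
    """Flag what the Gmer MBR detector output shows: read discrepancy, unknown code, hooks."""
    findings = []
    user_failed = re.search(r"^user: error reading MBR", text, re.M) is not None
    kernel_ok = re.search(r"^kernel: MBR read successfully", text, re.M) is not None
    if user_failed and kernel_ok:
        # A user-mode read that fails while the kernel read succeeds means something
        # in the disk stack is filtering what user mode is allowed to see.
        findings.append(Finding("high", "mbr-read-discrepancy",
                                "user-mode MBR read failed while kernel read succeeded"))
    for m in UNKNOWN_RE.finditer(text):
        findings.append(Finding("high", "unknown-module-in-disk-path",
                                f"unidentified code at {m.group('addr')} in the disk I/O call chain"))
    hooks = HOOK_RE.findall(text)
    if hooks:
        findings.append(Finding("low", "disk-stack-hooks-reported",
                                f"{len(hooks)} hook line(s) listed by the detector"))
    return findings


def triage(text):
    """All findings for one log, highest severity first (stable within a severity)."""
    found = registry_findings(text) + mbr_findings(text)
    return sorted(found, key=lambda f: SEVERITY_ORDER[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
```

Run it as a script to print the findings for the constructed sample, or import it and call `triage()` on the text of a saved log; anything rated "high" is the part to hand to a helper first.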

· Premium Member · 39,718 Posts
Hi again

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.


P2P - I see you have P2P software (i.e. uTorrent) installed on your machine. We are not here to pass judgement on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. Although the P2P application itself may be 'clean', the files you download may well contain malware. P2P is often used as a method of distributing malware. This page will give you further information.



Combofix

  • Close any open browsers.
  • Open notepad and copy/paste the text in the box below into it:

Code:
File::
c:\windows\system32\rezumatenoi.dat

MBR::
Looking at the image below as an example



Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it will produce a log for you at "C:\ComboFix.txt"

Do not mouse-click ComboFix's window whilst it's running. This may cause it to stall.

CAUTION! Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!


Please post the log C:\ComboFix.txt for further review.



Online Scan
Perform an online scan with Panda ActiveScan
  • Click on Scan Your PC Now
  • A "pop up" window will appear, or a new tab will open.
  • Click on Register
  • Choose the option you like most, but we recommend the Free Registration.
  • Click on Register
  • Enter your e-mail address, and create a password.
  • Select "I do not want to receive any type of information". (unless you want to receive such information)
  • Click on Send
  • Confirm registration, and continue by entering your user name and password, then click on Enter
  • Select Full Scan, then Click on Scan Now
  • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
  • If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
  • Please ignore the offer to buy the program. Click on Export To
  • Export the log and save it to your desktop.
  • Please attach the contents of that log to your reply.
* Turn off the real time scanner of any existing antivirus program while performing the online scan.

Avast users note:

Please do continue with the online scan at Panda if you receive an alert. It is a false positive from Avast because Panda Antivirus does not encrypt its virus database.


Note that Panda may take several hours to scan your system.

· Registered · 33 Posts · Discussion Starter · #5 ·
Hi Iain

Sorry for the delay, it has been a very busy weekend and I have been out mostly.

Thanks for being so helpful

Please see below the log for ComboFix (the scan was performed in normal boot).

I have also attached the ActiveScan log from Panda Security.

ComboFix 09-12-11.01 - Zahra 12/12/2009 3:36.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.1301 [GMT 0:00]
Running from: c:\users\Zahra\Desktop\glasgow.exe
Command switches used :: c:\users\Zahra\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\rezumatenoi.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\rezumatenoi.dat

Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and disinfected
Restored copy from - c:\glasgow\HarddiskVolumeShadowCopy8_!Windows!System32!drivers!iaStor.sys
.
((((((((((((((((((((((((( Files Created from 2009-11-12 to 2009-12-12 )))))))))))))))))))))))))))))))
.

2009-12-12 03:50 . 2009-12-12 03:55 -------- d-----w- c:\users\Zahra\AppData\Local\temp
2009-12-12 03:50 . 2009-12-12 03:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-12 03:50 . 2009-12-12 03:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-12 03:26 . 2009-12-12 03:27 -------- d-----w- C:\32788R22FWJFW
2009-12-12 01:35 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-12-12 01:34 . 2009-03-08 11:33 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-12-12 01:34 . 2009-03-08 11:33 109568 ----a-w- c:\windows\system32\PDMSetup.exe
2009-12-12 01:34 . 2009-03-08 11:33 107520 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2009-12-12 01:34 . 2009-03-08 11:33 107008 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2009-12-12 01:34 . 2009-03-08 11:33 103936 ----a-w- c:\windows\system32\SetDepNx.exe
2009-12-12 01:34 . 2009-03-08 11:32 169472 ----a-w- c:\windows\system32\iexpress.exe
2009-12-12 01:34 . 2009-03-08 11:31 45568 ----a-w- c:\windows\system32\mshta.exe
2009-12-11 23:22 . 2009-06-30 09:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-12-11 23:21 . 2009-12-11 23:21 -------- d-----w- c:\program files\Panda Security
2009-12-11 21:17 . 2009-12-11 21:18 -------- d-----w- c:\program files\UnHackMe
2009-12-10 22:10 . 2009-11-21 06:40 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-10 22:10 . 2009-11-21 06:40 916480 ----a-w- c:\windows\system32\wininet(124).dll
2009-12-10 22:10 . 2009-11-21 06:34 1985536 ----a-w- c:\windows\system32\iertutil(84).dll
2009-12-10 22:10 . 2009-11-21 06:40 1208832 ----a-w- c:\windows\system32\urlmon(117).dll
2009-12-08 23:00 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-08 23:00 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-08 23:00 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-08 22:53 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-08 22:53 . 2009-12-08 22:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-08 22:53 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-08 22:35 . 2009-12-08 22:35 -------- d-----w- c:\program files\Java
2009-12-08 22:06 . 2009-12-08 22:06 -------- d-----w- c:\windows\tiinst
2009-12-08 21:31 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-08 21:31 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-06 22:56 . 2009-12-06 22:56 -------- d-----w- c:\program files\IZArc
2009-12-06 20:49 . 2009-12-06 20:49 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-12-06 20:32 . 2009-12-06 20:32 -------- d-----w- c:\program files\Trend Micro
2009-12-06 03:29 . 2009-12-06 03:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-06 03:28 . 2009-12-06 03:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-06 03:28 . 2009-12-06 03:28 -------- d-----w- c:\users\Zahra\AppData\Roaming\SUPERAntiSpyware.com
2009-12-06 03:13 . 2009-12-06 03:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-05 19:05 . 2009-12-05 19:05 -------- d-----w- c:\program files\Sophos
2009-12-04 15:45 . 2009-12-04 15:45 0 ----a-w- c:\windows\system32\wsbl.dat
2009-12-04 15:45 . 2009-12-04 15:45 0 ----a-w- c:\windows\system32\ph_white.dat
2009-12-04 15:45 . 2009-12-04 15:45 0 ----a-w- c:\windows\system32\ph_summ.dat
2009-12-04 15:45 . 2009-12-04 15:45 0 ----a-w- c:\windows\system32\ph_black.dat
2009-12-04 15:45 . 2009-12-04 15:45 0 ----a-w- c:\windows\system32\pcwords2.dat
2009-12-04 15:45 . 2009-12-04 15:45 0 ----a-w- c:\windows\system32\pcwords.dat
2009-12-04 01:15 . 2009-12-04 01:15 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-12-04 01:15 . 2009-12-04 01:15 16 ----a-w- c:\windows\system32\asdict.dat
2009-12-04 00:57 . 2009-12-04 00:57 -------- d-----w- c:\users\Zahra\AppData\Roaming\BitDefender
2009-12-04 00:56 . 2009-12-04 05:50 -------- d-----w- c:\programdata\BitDefender
2009-12-04 00:56 . 2009-12-04 00:56 -------- d-----w- c:\program files\BitDefender
2009-12-04 00:52 . 2009-12-04 13:34 -------- d-----w- c:\program files\Common Files\BitDefender
2009-12-03 22:47 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-03 21:07 . 2009-12-03 21:07 -------- d-----w- c:\programdata\PCSettings
2009-12-02 01:51 . 2009-12-02 01:51 -------- d-----w- c:\users\Zahra\AppData\Roaming\Screaming Bee
2009-12-02 01:41 . 2009-12-02 01:44 -------- d-----w- c:\programdata\Screaming Bee
2009-11-26 19:08 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 23:50 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 23:50 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-22 16:34 . 2009-11-22 16:34 -------- d-----w- c:\program files\DiskInternals
2009-11-17 23:45 . 2009-11-17 23:45 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 23:26 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-17 23:26 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-17 23:26 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-17 23:24 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-11-17 23:24 . 2009-10-01 01:01 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-11-17 23:24 . 2009-10-01 01:01 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-11-17 23:24 . 2009-10-01 01:01 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-11-17 23:24 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-11-17 23:24 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-11-17 23:24 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-11-17 23:24 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-11-17 23:24 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-11-17 23:24 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-11-17 23:24 . 2009-10-01 01:01 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-11-17 23:24 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-11-17 23:24 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-11-17 23:23 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-17 23:23 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 23:23 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-14 19:23 . 2009-11-14 19:24 -------- d-----w- c:\windows\system32\ca-ES
2009-11-14 19:23 . 2009-11-14 19:24 -------- d-----w- c:\windows\system32\eu-ES
2009-11-14 19:23 . 2009-11-14 19:24 -------- d-----w- c:\windows\system32\vi-VN
2009-11-14 16:17 . 2009-11-14 16:17 -------- d-----w- c:\windows\system32\EventProviders
2009-11-13 10:03 . 2009-04-11 06:28 406528 ----a-w- c:\windows\system32\msvcp60.dll
2009-11-13 10:02 . 2009-04-11 06:28 657408 ----a-w- c:\windows\system32\WMVXENCD.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-11 22:49 . 2007-11-17 12:32 -------- d-----w- c:\program files\uTorrent
2009-12-11 22:26 . 2007-11-13 19:28 -------- d-----w- c:\programdata\Microsoft Help
2009-12-08 23:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-08 22:35 . 2009-01-15 13:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-08 22:07 . 2007-04-13 15:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-08 00:26 . 2009-12-06 03:31 117760 ----a-w- c:\users\Zahra\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-06 18:10 . 2008-04-13 20:19 -------- d-----w- c:\program files\Bouquet Wizard
2009-12-04 13:30 . 2009-01-02 23:53 -------- d-----w- c:\program files\Total Video Converter
2009-12-04 13:30 . 2007-04-13 16:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-04 13:30 . 2007-11-07 20:14 -------- d-----w- c:\program files\Camera Assistant Software for Toshiba
2009-12-04 06:03 . 2009-06-29 14:12 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
2009-12-04 06:03 . 2009-06-29 14:12 152456 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-12-04 06:02 . 2009-08-06 16:34 72200 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2009-11-21 06:34 . 2009-12-12 01:36 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-12 01:36 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-12 01:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 23:44 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 23:44 . 2009-11-17 23:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 23:30 . 2009-11-17 23:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-14 19:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-11-14 19:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-11-14 19:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-11-14 19:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-11-14 19:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-11-14 19:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-11-11 22:25 . 2007-11-12 18:09 -------- d-----w- c:\users\Zahra\AppData\Roaming\Skype
2009-11-11 22:10 . 2007-11-27 20:10 -------- d-----w- c:\users\Zahra\AppData\Roaming\skypePM
2009-11-11 21:57 . 2009-02-27 16:18 -------- d-----w- c:\program files\Microsoft
2009-11-08 19:46 . 2007-04-13 16:45 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-01 01:02 . 2009-11-17 23:25 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-17 23:25 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-17 23:25 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-25 02:10 . 2009-11-17 23:25 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-17 23:25 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-17 23:25 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-17 23:25 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-17 23:25 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-17 23:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-17 23:25 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-17 23:25 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-17 23:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-17 23:25 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-17 23:25 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-17 23:25 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-17 23:25 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-17 23:25 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-17 23:25 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-17 23:25 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-17 23:25 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-17 23:25 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-17 23:25 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-17 23:25 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-17 23:25 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-17 23:25 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-17 23:25 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-17 23:25 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-17 23:25 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-17 23:25 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-17 23:25 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-14 09:29 . 2009-10-16 16:48 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-12-04 06:02 . 2009-12-04 01:06 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-03 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-03 133912]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 509496]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"NDSTray.exe"="NDSTray.exe" [BU]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-03-13 33048]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2007-10-31 204800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2009-12-04 1118144]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-12-04 71152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-08 149280]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-03 429392]

c:\users\Zahra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2007-11-13 557568]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-2-27 2756608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d0,d3,6d,84,61,65,ca,01

R0 CplIR;Embedded IR Driver;c:\windows\System32\drivers\CplIR.sys [06/03/2007 14:01 14848]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [13/04/2007 15:29 210432]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [11/12/2009 23:22 28552]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\System32\drivers\BdfNdisf6.sys [06/08/2009 16:34 72200]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 08:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 08:43 74480]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [01/04/2009 11:25 83208]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/12/2009 22:53 276816]
R3 BDFM;BDFM;c:\windows\System32\drivers\bdfm.sys [29/06/2009 14:12 152456]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [08/12/2009 22:53 19160]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 15:40 3668480]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [25/06/2009 16:04 183880]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [22/08/2007 15:19 151552]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [18/07/2008 20:29 21504]
S3 INQ1usbser;INQ1 USB Device for Legacy Serial Communication;c:\windows\System32\drivers\INQ1usbser.sys [09/03/2009 23:50 103680]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\System32\drivers\s115bus.sys [24/02/2008 02:07 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\System32\drivers\s115mdfl.sys [24/02/2008 02:07 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\System32\drivers\s115mdm.sys [24/02/2008 02:07 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s115mgmt.sys [24/02/2008 02:08 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\System32\drivers\s115obex.sys [24/02/2008 02:08 98568]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 08:43 7408]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [27/03/2009 13:23 23064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bdx REG_MULTI_SZ scan
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN
TCP: {7473ADE0-42A8-4C78-AC92-365A9277BE89} = 194.168.4.100,194.168.8.100
FF - ProfilePath - c:\users\Zahra\AppData\Roaming\Mozilla\Firefox\Profiles\2ur7lm4w.default\
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Media Codec Update Service - c:\program files\Essentials Codec Pack\update.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-12 03:55
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys >>UNKNOWN [0x91D45E31]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8990ad24
\Driver\ACPI -> acpi.sys @ 0x80693d68
\Driver\atapi -> ataport.SYS @ 0x84508a2c
\Driver\iaStor -> iaStor.sys @ 0x8443fd24
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->
**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2616.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,1e,d4,dc,f9,21,a8,40,83,37,b4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,1e,d4,dc,f9,21,a8,40,83,37,b4,\

[HKEY_USERS\S-1-5-21-1523817061-2610818172-2760025777-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{87D7C97D-6D24-DF5C-C9BF-282AB38F4D34}*]
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1523817061-2610818172-2760025777-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ADF14159-3E79-D2AF-D9DC-1D4E2BA5E0C7}*]
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2010\vsserv.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\BitDefender\BitDefender 2010\seccenter.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
.
**************************************************************************
.
Completion time: 2009-12-12 04:07:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-12 04:06
ComboFix2.txt 2009-12-10 21:48

Pre-Run: 50,875,408,384 bytes free
Post-Run: 50,830,438,400 bytes free

- - End Of File - - 6ABA7C6C6DE337E42A247BF45A2B0B00
 

Attachments

· Premium Member
Joined
·
39,718 Posts
Hi again

I see you have Malwarebytes Anti Malware already on your system. Please update the tool and then run a scan.

  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
You can also access the log by doing the following:

-> Click on the Malwarebytes' Anti-Malware icon to launch the program.
-> Click on the Logs tab.
-> Click on the log at the bottom of those listed to highlight it.
-> Click Open.

Copy & Paste the entire report in your next reply.
 

· Registered
Joined
·
33 Posts
Discussion Starter · #9 ·
Hi Iain

Here is the log

Malwarebytes' Anti-Malware 1.42
Database version: 3360
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

14/12/2009 22:19:56
mbam-log-2009-12-14 (22-19-56).txt

Scan type: Quick Scan
Objects scanned: 102155
Time elapsed: 6 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 

· Premium Member
Joined
·
39,718 Posts
Hi again

Let's see what files are available - we may need to replace a couple of your system files.


Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:
    :filefind
    *atapi*
    *iastor*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


We may need to replace the infected hard disk controller from within the Windows Recovery Environment. Please check to see if you have it pre-installed. To do so, reboot the system and tap F8 as if you were going to load Safe Mode. In that Advanced Menu, do you see an option that says 'Repair your computer'? If so, good. If not, you will need a Vista install disk.
 

· Registered
Joined
·
33 Posts
Discussion Starter · #11 ·
Hi Iain

Here is the log you asked me for.

I may have to go and see if I have an MS Vista disc, just in case WinRE is not present.


SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 22:08 on 15/12/2009 by Zahra (Administrator - Elevation successful)

========== filefind ==========

Searching for "*atapi*"
C:\Windows\ERDNT\cache\atapi.sys --a--- 19944 bytes [21:43 10/12/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\inf\iteatapi.inf --a--- 33660 bytes [10:25 02/11/2006] [10:25 02/11/2006] E4EB9FDA7CA1965653EAB8C109CCE546
C:\Windows\inf\iteatapi.PNF --a--- 17916 bytes [10:25 02/11/2006] [12:51 02/11/2006] 73DF176A398D10A2338BBD40B56EF72E
C:\Windows\SoftwareDistribution\Download\c0a17eb89d8e2d806cdee4a2d05890b4\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys --a--- 21560 bytes [22:44 12/02/2008] [05:06 19/01/2008] B35CFCEF838382AB6490B321C87EDF17
C:\Windows\SoftwareDistribution\Download\c0a17eb89d8e2d806cdee4a2d05890b4\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys --a--- 21560 bytes [22:44 12/02/2008] [04:33 19/01/2008] E03E8C99D15D0381E02743C36AFC7C6F
C:\Windows\System32\DriverStore\en-US\iteatapi.inf_loc --a--- 308 bytes [12:40 02/11/2006] [12:40 02/11/2006] DBC002F0F2C65A0519A1BD24D84B22C2
C:\Windows\System32\DriverStore\FileRepository\iteatapi.inf_431397fb\iteatapi.inf --a--- 33660 bytes [10:25 02/11/2006] [06:35 02/11/2006] E4EB9FDA7CA1965653EAB8C109CCE546
C:\Windows\System32\DriverStore\FileRepository\iteatapi.inf_431397fb\iteatapi.sys --a--- 35944 bytes [10:25 02/11/2006] [09:50 02/11/2006] BCED60D16156E428F8DF8CF27B0DF150
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys --a--- 21560 bytes [22:04 13/02/2008] [22:04 13/02/2008] B35CFCEF838382AB6490B321C87EDF17
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys --a--- 19944 bytes [10:03 13/11/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys --a--- 19048 bytes [10:25 02/11/2006] [09:49 02/11/2006] 4F4FCB8B6EA06784FB6D475B7EC7300F
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys --a--- 21560 bytes [20:30 18/07/2008] [07:41 19/01/2008] 2D9C903DC76A66813D350A562DE40ED9
C:\Windows\System32\drivers\atapi.sys --a--- 19944 bytes [10:03 13/11/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\drivers\iteatapi.sys --a--- 35944 bytes [07:36 02/11/2006] [09:50 02/11/2006] BCED60D16156E428F8DF8CF27B0DF150
C:\Windows\System32\en-US\WinSATAPI.dll.mui --a--- 6144 bytes [12:41 02/11/2006] [12:41 02/11/2006] 64BDEA749C5954CECAB7EC5E9CC24D39
C:\Windows\System32\WinSATAPI.dll --a--- 383488 bytes [20:30 18/07/2008] [07:36 19/01/2008] 3FCB7347D2DE38488C85A31EA7838A3C
C:\Windows\winsxs\Manifests\x86_iteatapi.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_20cdea2c37532736.manifest --a--- 1913 bytes [12:39 02/11/2006] [12:39 02/11/2006] 99D99FA87B40A9FB8F9284AD0D7A71C9
C:\Windows\winsxs\x86_iteatapi.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_20cdea2c37532736\iteatapi.inf_loc --a--- 308 bytes [12:40 02/11/2006] [12:40 02/11/2006] DBC002F0F2C65A0519A1BD24D84B22C2
C:\Windows\winsxs\x86_microsoft-windows-w..emassessmenttoolapi_31bf3856ad364e35_6.0.6000.16386_none_e167a01dfaaf52f2\WinSATAPI.dll --a--- 382976 bytes [12:34 02/11/2006] [12:34 02/11/2006] D5289700FAD39825C8A7BB20B7FC0A0D
C:\Windows\winsxs\x86_microsoft-windows-w..emassessmenttoolapi_31bf3856ad364e35_6.0.6001.18000_none_e39e6219f79a63c6\WinSATAPI.dll --a--- 383488 bytes [20:30 18/07/2008] [07:36 19/01/2008] 3FCB7347D2DE38488C85A31EA7838A3C
C:\Windows\winsxs\x86_microsoft-windows-w..nttoolapi.resources_31bf3856ad364e35_6.0.6000.16386_en-us_86f384ab3e5358a7\WinSATAPI.dll.mui --a--- 6144 bytes [12:41 02/11/2006] [12:41 02/11/2006] 64BDEA749C5954CECAB7EC5E9CC24D39
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys --a--- 21560 bytes [22:04 13/02/2008] [22:04 13/02/2008] B35CFCEF838382AB6490B321C87EDF17
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys --a--- 21560 bytes [22:04 13/02/2008] [22:04 13/02/2008] E03E8C99D15D0381E02743C36AFC7C6F
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys --a--- 21560 bytes [20:30 18/07/2008] [07:41 19/01/2008] 2D9C903DC76A66813D350A562DE40ED9
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys --a--- 19944 bytes [10:03 13/11/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4

Searching for "*iastor*"
C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\iaStor.cat --a--- 11254 bytes [20:22 07/11/2007] [03:07 23/02/2007] 2D429546C0C0A29C97A5039D14FB2D42
C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\iaStor.inf --a--- 6451 bytes [20:22 07/11/2007] [11:36 12/02/2007] 17CF149196D14322C3775BDAE5CEDE60
C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys --a--- 537368 bytes [20:22 07/11/2007] [12:37 12/02/2007] 2EE127D5407DA3957EE54711C9AED6EC
C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iaStor.cat --a--- 11254 bytes [20:22 07/11/2007] [03:07 23/02/2007] 6F6F9F086E42A50A5EA9664AC11D9423
C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iaStor.inf --a--- 6451 bytes [20:22 07/11/2007] [11:36 12/02/2007] 17CF149196D14322C3775BDAE5CEDE60
C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iaStor.sys --a--- 277784 bytes [20:22 07/11/2007] [12:36 12/02/2007] FD7F9D74C2B35DBDA400804A3F5ED5D8
C:\Qoobox\Quarantine\C\Windows\System32\drivers\iaStor.sys.vir --a--- 277784 bytes [20:52 10/12/2009] [12:36 12/02/2007] FD7F9D74C2B35DBDA400804A3F5ED5D8
C:\Toshiba\Drivers\Robson\Winall\Driver64\iaStor.cat --a--- 11254 bytes [15:29 13/04/2007] [03:07 23/02/2007] 2D429546C0C0A29C97A5039D14FB2D42
C:\Toshiba\Drivers\Robson\Winall\Driver64\iaStor.inf --a--- 6451 bytes [15:29 13/04/2007] [11:36 12/02/2007] 17CF149196D14322C3775BDAE5CEDE60
C:\Toshiba\Drivers\Robson\Winall\Driver64\IaStor.sys --a--- 537368 bytes [15:29 13/04/2007] [12:37 12/02/2007] 2EE127D5407DA3957EE54711C9AED6EC
C:\Toshiba\Drivers\Robson\Winall\Driver\iaStor.cat --a--- 11254 bytes [15:29 13/04/2007] [03:07 23/02/2007] 6F6F9F086E42A50A5EA9664AC11D9423
C:\Toshiba\Drivers\Robson\Winall\Driver\iaStor.inf --a--- 6451 bytes [15:29 13/04/2007] [11:36 12/02/2007] 17CF149196D14322C3775BDAE5CEDE60
C:\Toshiba\Drivers\Robson\Winall\Driver\iaStor.sys --a--- 277784 bytes [15:29 13/04/2007] [12:36 12/02/2007] FD7F9D74C2B35DBDA400804A3F5ED5D8
C:\Windows\inf\iastorv.inf --a--- 12918 bytes [10:25 02/11/2006] [02:17 20/07/2008] 9B38AC49C462638C49D90294DCB201D4
C:\Windows\inf\iastorv.PNF --a--- 15764 bytes [10:25 02/11/2006] [02:17 20/07/2008] 1B043BD9DE3CEBC0B335CCD632315657
C:\Windows\System32\DriverStore\en-US\iastorv.inf_loc --a--- 1996 bytes [20:28 18/07/2008] [07:43 19/01/2008] 952CB91EA90A81DE9504A3DCB8B03D73
C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys --a--- 277784 bytes [15:29 13/04/2007] [12:36 12/02/2007] FD7F9D74C2B35DBDA400804A3F5ED5D8
C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iastorv.inf --a--- 12922 bytes [10:25 02/11/2006] [06:35 02/11/2006] BB4598DC979AD7AEFD50CA833000AC70
C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys --a--- 232040 bytes [10:25 02/11/2006] [09:51 02/11/2006] C957BF4B5D80B46C5017BF0101E6C906
C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iastorv.inf --a--- 12918 bytes [20:28 18/07/2008] [03:24 19/01/2008] 9B38AC49C462638C49D90294DCB201D4
C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys --a--- 235064 bytes [20:30 18/07/2008] [07:42 19/01/2008] 54155EA1B0DF185878E0FC9EC3AC3A14
C:\Windows\System32\drivers\iaStor(469).sys --a--- 277784 bytes [15:29 13/04/2007] [12:36 12/02/2007] FD7F9D74C2B35DBDA400804A3F5ED5D8
C:\Windows\System32\drivers\iaStor.sys ------ 277784 bytes [15:29 13/04/2007] [12:36 12/02/2007] FD7F9D74C2B35DBDA400804A3F5ED5D8
C:\Windows\System32\drivers\iaStorV.sys --a--- 232040 bytes [07:36 02/11/2006] [09:51 02/11/2006] C957BF4B5D80B46C5017BF0101E6C906
C:\Windows\winsxs\Manifests\x86_iastorv.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_e6bd39778512b6f3.manifest --a--- 1910 bytes [12:39 02/11/2006] [12:39 02/11/2006] DD257AFFF8561E257A353B67C11D3838
C:\Windows\winsxs\Manifests\x86_iastorv.inf.resources_31bf3856ad364e35_6.0.6001.18000_en-us_e8f3fb7381fdc7c7.manifest ------ 1910 bytes [20:10 18/07/2008] [23:02 18/01/2008] B601E5F72FB52A7AC838DBF1A32ADD9F
C:\Windows\winsxs\Manifests\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f.manifest ------ 1674 bytes [20:12 18/07/2008] [20:12 18/07/2008] 54382E5F1BED43FB9C5BCDE0D2DBF829
C:\Windows\winsxs\x86_iastorv.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_e6bd39778512b6f3\iastorv.inf_loc --a--- 2000 bytes [12:41 02/11/2006] [12:41 02/11/2006] C56F136AF74F80A8FE00311E1506C073
C:\Windows\winsxs\x86_iastorv.inf.resources_31bf3856ad364e35_6.0.6001.18000_en-us_e8f3fb7381fdc7c7\iastorv.inf_loc --a--- 1996 bytes [20:28 18/07/2008] [07:43 19/01/2008] 952CB91EA90A81DE9504A3DCB8B03D73
C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iastorv.inf --a--- 12918 bytes [20:28 18/07/2008] [03:24 19/01/2008] 9B38AC49C462638C49D90294DCB201D4
C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys --a--- 235064 bytes [20:30 18/07/2008] [07:42 19/01/2008] 54155EA1B0DF185878E0FC9EC3AC3A14

-=End Of File=-
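Glaswegian's `:filefind` request above and the SystemLook log just posted both come down to one question: does the driver the kernel actually loads from system32\drivers still match the staged copies Windows keeps in DriverStore and WinSxS? The Python script below is an added example, not part of this thread and not part of SystemLook: it parses filefind output in the format shown and flags any live driver whose MD5 is not shared by a repository copy of the same file name. The sample log is constructed to mirror the lines above; the clean-copy hashes are the ones reported in the log, while the hash on the live iaStor.sys line is a placeholder inserted to demonstrate a mismatch (in the real log that file matched its DriverStore copy).

```python
"""Added example: parse SystemLook ':filefind' output and flag live drivers
whose MD5 is not shared by any DriverStore/WinSxS copy of the same file name.
Not part of the thread or of SystemLook; the sample log below is constructed."""
import re
from collections import defaultdict

# One filefind result line: <path> <attrs> <size> bytes [<created>] [<modified>] <MD5>
FILEFIND_LINE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
SEARCH_HEADER = re.compile(r'^Searching for "(?P<pattern>[^"]+)"')

# Where Windows keeps its own staged copies of a driver (compared case-insensitively).
REPOSITORY_MARKERS = ("\\driverstore\\filerepository\\", "\\winsxs\\")
# The directory the kernel actually loads boot-start drivers from.
LIVE_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"

# Constructed sample in SystemLook's filefind format. The clean-copy hashes are the
# ones the thread's log reports; the live iaStor.sys hash is a placeholder chosen
# to demonstrate a mismatch (in the real log that file matched its DriverStore copy).
SAMPLE_LOG = r"""
SystemLook v1.0 by jpshortstuff (29.08.09)

========== filefind ==========

Searching for "*atapi*"
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys --a--- 19944 bytes [10:03 13/11/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\drivers\atapi.sys --a--- 19944 bytes [10:03 13/11/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4

Searching for "*iastor*"
C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iaStor.sys --a--- 277784 bytes [20:22 07/11/2007] [12:36 12/02/2007] FD7F9D74C2B35DBDA400804A3F5ED5D8
C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys --a--- 277784 bytes [15:29 13/04/2007] [12:36 12/02/2007] FD7F9D74C2B35DBDA400804A3F5ED5D8
C:\Windows\System32\drivers\iaStor.sys ------ 277784 bytes [15:29 13/04/2007] [12:36 12/02/2007] 0123456789ABCDEF0123456789ABCDEF

-=End Of File=-
"""


def parse_filefind(text):
    """Group filefind result lines by the search pattern that produced them."""
    results = defaultdict(list)
    pattern = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SEARCH_HEADER.match(line)
        if header:
            pattern = header.group("pattern")
            continue
        match = FILEFIND_LINE.match(line)
        if match and pattern is not None:
            entry = match.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            results[pattern].append(entry)
    return dict(results)


def find_unverified_drivers(entries):
    """Return live system32\\drivers files whose MD5 no repository copy shares.

    A hit is a candidate for replacement from a clean copy, not proof of
    infection: a vendor-installed driver that was never staged in DriverStore
    will also show up here, so verify before acting.
    """
    known = defaultdict(set)   # lowercase file name -> MD5s of staged copies
    live = []
    for entry in entries:
        path_l = entry["path"].lower()
        name = path_l.rsplit("\\", 1)[-1]
        if any(marker in path_l for marker in REPOSITORY_MARKERS):
            known[name].add(entry["md5"])
        elif path_l.startswith(LIVE_DRIVER_DIR) and "\\" not in path_l[len(LIVE_DRIVER_DIR):]:
            live.append((name, entry))
    hits = []
    for name, entry in live:
        if entry["md5"] not in known[name]:
            hits.append({
                "path": entry["path"],
                "size": entry["size"],
                "attrs": entry["attrs"],
                "md5": entry["md5"],
                "known_hashes": sorted(known[name]),
            })
    return hits


def scan(text):
    """Parse a whole log and check every live driver it lists."""
    parsed = parse_filefind(text)
    return find_unverified_drivers([e for group in parsed.values() for e in group])


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['path']}: {hit['md5']} not among staged copies {hit['known_hashes']} "
              f"(size {hit['size']} bytes, attrs {hit['attrs']})")
```

The size column alone is not enough for this check: a driver patched in place keeps its size, so only the hash separates it from the staged copy, which is why the script compares MD5s and merely reports the size and attribute flags for context. Treat every hit as a candidate to confirm against a known-good copy, as the helpers in this thread do, rather than as a verdict.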
 

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
Hello has786,

Please pardon the interruption, but Glaswegian is offline at the moment. Before we resort to using the Recovery Environment to replace the hijacked hard disk controller (iastor.sys), please try ComboFix once again as it has just been updated. Delete your existing ComboFix.exe from your desktop and download the latest version from here. Save it to your desktop.

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal.


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
 

· Registered
Joined
·
33 Posts
Discussion Starter · #14 ·
Hi Ried

I have downloaded the new combofix and ran it.

The first time it did not complete the log, as a blue screen appeared and the laptop restarted. I then ran it again, but it skipped the stage where you usually get the warning that rootkit activity has been detected and a reboot is required; instead it started with the stages.

Here is the report

ComboFix 09-12-16.01 - Zahra 16/12/2009 22:21:28.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.1146 [GMT 0:00]
Running from: c:\users\Zahra\Desktop\KittyFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-11-16 to 2009-12-16 )))))))))))))))))))))))))))))))
.

2009-12-16 22:29 . 2009-12-16 22:29 -------- d-----w- c:\users\Zahra\AppData\Local\temp
2009-12-16 22:29 . 2009-12-16 22:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-16 22:29 . 2009-12-16 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-12 04:11 . 2009-12-16 22:08 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-12-12 01:35 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-12-12 01:34 . 2009-03-08 11:33 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-12-12 01:34 . 2009-03-08 11:33 109568 ----a-w- c:\windows\system32\PDMSetup.exe
2009-12-12 01:34 . 2009-03-08 11:33 107520 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2009-12-12 01:34 . 2009-03-08 11:33 107008 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2009-12-12 01:34 . 2009-03-08 11:33 103936 ----a-w- c:\windows\system32\SetDepNx.exe
2009-12-12 01:34 . 2009-03-08 11:32 169472 ----a-w- c:\windows\system32\iexpress.exe
2009-12-12 01:34 . 2009-03-08 11:31 45568 ----a-w- c:\windows\system32\mshta.exe
2009-12-11 23:22 . 2009-06-30 09:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-12-11 23:21 . 2009-12-11 23:21 -------- d-----w- c:\program files\Panda Security
2009-12-11 21:17 . 2009-12-11 21:18 -------- d-----w- c:\program files\UnHackMe
2009-12-10 22:10 . 2009-11-21 06:40 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-10 22:10 . 2009-11-21 06:40 916480 ----a-w- c:\windows\system32\wininet(124).dll
2009-12-10 22:10 . 2009-11-21 06:34 1985536 ----a-w- c:\windows\system32\iertutil(84).dll
2009-12-10 22:10 . 2009-11-21 06:40 1208832 ----a-w- c:\windows\system32\urlmon(117).dll
2009-12-08 23:00 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-08 23:00 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-08 23:00 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-08 22:53 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-08 22:53 . 2009-12-08 22:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-08 22:53 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-08 22:35 . 2009-12-08 22:35 -------- d-----w- c:\program files\Java
2009-12-08 22:06 . 2009-12-08 22:06 -------- d-----w- c:\windows\tiinst
2009-12-08 21:31 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-08 21:31 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-06 22:56 . 2009-12-06 22:56 -------- d-----w- c:\program files\IZArc
2009-12-06 20:49 . 2009-12-06 20:49 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-12-06 20:32 . 2009-12-06 20:32 -------- d-----w- c:\program files\Trend Micro
2009-12-06 03:31 . 2009-12-14 23:13 117760 ----a-w- c:\users\Zahra\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-06 03:29 . 2009-12-06 03:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-06 03:28 . 2009-12-06 03:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-06 03:28 . 2009-12-06 03:28 -------- d-----w- c:\users\Zahra\AppData\Roaming\SUPERAntiSpyware.com
2009-12-06 03:13 . 2009-12-06 03:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-05 19:05 . 2009-12-05 19:05 -------- d-----w- c:\program files\Sophos
2009-12-04 15:45 . 2009-12-04 15:45 0 ----a-w- c:\windows\system32\wsbl.dat
2009-12-04 15:45 . 2009-12-04 15:45 0 ----a-w- c:\windows\system32\ph_white.dat
2009-12-04 15:45 . 2009-12-04 15:45 0 ----a-w- c:\windows\system32\ph_summ.dat
2009-12-04 15:45 . 2009-12-04 15:45 0 ----a-w- c:\windows\system32\ph_black.dat
2009-12-04 15:45 . 2009-12-04 15:45 0 ----a-w- c:\windows\system32\pcwords2.dat
2009-12-04 15:45 . 2009-12-04 15:45 0 ----a-w- c:\windows\system32\pcwords.dat
2009-12-04 01:15 . 2009-12-04 01:15 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-12-04 01:15 . 2009-12-04 01:15 16 ----a-w- c:\windows\system32\asdict.dat
2009-12-04 00:57 . 2009-12-04 00:57 -------- d-----w- c:\users\Zahra\AppData\Roaming\BitDefender
2009-12-04 00:56 . 2009-12-04 05:50 -------- d-----w- c:\programdata\BitDefender
2009-12-04 00:56 . 2009-12-04 00:56 -------- d-----w- c:\program files\BitDefender
2009-12-04 00:52 . 2009-12-04 13:34 -------- d-----w- c:\program files\Common Files\BitDefender
2009-12-03 22:47 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-03 21:07 . 2009-12-03 21:07 -------- d-----w- c:\programdata\PCSettings
2009-12-02 01:51 . 2009-12-02 01:51 -------- d-----w- c:\users\Zahra\AppData\Roaming\Screaming Bee
2009-12-02 01:41 . 2009-12-02 01:44 -------- d-----w- c:\programdata\Screaming Bee
2009-11-26 19:08 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 23:50 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 23:50 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-22 16:34 . 2009-11-22 16:34 -------- d-----w- c:\program files\DiskInternals
2009-11-17 23:45 . 2009-11-17 23:45 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 23:26 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-17 23:26 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-17 23:26 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-17 23:24 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-11-17 23:24 . 2009-10-01 01:01 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-11-17 23:24 . 2009-10-01 01:01 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-11-17 23:24 . 2009-10-01 01:01 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-11-17 23:24 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-11-17 23:24 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-11-17 23:24 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-11-17 23:24 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-11-17 23:24 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-11-17 23:24 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-11-17 23:24 . 2009-10-01 01:01 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-11-17 23:24 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-11-17 23:24 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-11-17 23:23 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-17 23:23 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 23:23 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-11 22:49 . 2007-11-17 12:32 -------- d-----w- c:\program files\uTorrent
2009-12-11 22:26 . 2007-11-13 19:28 -------- d-----w- c:\programdata\Microsoft Help
2009-12-08 23:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-08 22:35 . 2009-01-15 13:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-08 22:07 . 2007-04-13 15:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-06 18:10 . 2008-04-13 20:19 -------- d-----w- c:\program files\Bouquet Wizard
2009-12-04 13:30 . 2009-01-02 23:53 -------- d-----w- c:\program files\Total Video Converter
2009-12-04 13:30 . 2007-04-13 16:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-04 13:30 . 2007-11-07 20:14 -------- d-----w- c:\program files\Camera Assistant Software for Toshiba
2009-12-04 06:03 . 2009-06-29 14:12 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
2009-12-04 06:03 . 2009-06-29 14:12 152456 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-12-04 06:02 . 2009-08-06 16:34 72200 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2009-11-21 06:34 . 2009-12-12 01:36 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-12 01:36 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-12 01:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 23:44 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 23:44 . 2009-11-17 23:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 23:30 . 2009-11-17 23:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-14 19:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-11-14 19:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-11-14 19:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-11-14 19:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-11-14 19:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-11-14 19:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-11-11 22:25 . 2007-11-12 18:09 -------- d-----w- c:\users\Zahra\AppData\Roaming\Skype
2009-11-11 22:10 . 2007-11-27 20:10 -------- d-----w- c:\users\Zahra\AppData\Roaming\skypePM
2009-11-11 21:57 . 2009-02-27 16:18 -------- d-----w- c:\program files\Microsoft
2009-11-08 19:46 . 2007-04-13 16:45 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-01 01:02 . 2009-11-17 23:25 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-17 23:25 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-17 23:25 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-25 02:10 . 2009-11-17 23:25 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-17 23:25 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-17 23:25 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-17 23:25 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-17 23:25 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-17 23:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-17 23:25 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-17 23:25 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-17 23:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-17 23:25 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-17 23:25 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-17 23:25 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-17 23:25 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-17 23:25 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-17 23:25 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-17 23:25 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-17 23:25 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-17 23:25 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-17 23:25 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-17 23:25 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-17 23:25 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-17 23:25 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-17 23:25 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-17 23:25 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-17 23:25 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-17 23:25 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-17 23:25 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-12-04 06:02 . 2009-12-04 01:06 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-03 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-03 133912]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 509496]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"NDSTray.exe"="NDSTray.exe" [BU]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-03-13 33048]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2007-10-31 204800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2009-12-04 1118144]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-12-04 71152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-08 149280]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-03 429392]

c:\users\Zahra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2007-11-13 557568]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-2-27 2756608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d0,d3,6d,84,61,65,ca,01

R0 CplIR;Embedded IR Driver;c:\windows\System32\drivers\CplIR.sys [06/03/2007 14:01 14848]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [13/04/2007 15:29 210432]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [11/12/2009 23:22 28552]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\System32\drivers\BdfNdisf6.sys [06/08/2009 16:34 72200]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 08:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 08:43 74480]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [01/04/2009 11:25 83208]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/12/2009 22:53 276816]
R3 BDFM;BDFM;c:\windows\System32\drivers\bdfm.sys [29/06/2009 14:12 152456]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [08/12/2009 22:53 19160]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 15:40 3668480]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [25/06/2009 16:04 183880]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [22/08/2007 15:19 151552]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [18/07/2008 20:29 21504]
S3 INQ1usbser;INQ1 USB Device for Legacy Serial Communication;c:\windows\System32\drivers\INQ1usbser.sys [09/03/2009 23:50 103680]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\System32\drivers\s115bus.sys [24/02/2008 02:07 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\System32\drivers\s115mdfl.sys [24/02/2008 02:07 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\System32\drivers\s115mdm.sys [24/02/2008 02:07 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s115mgmt.sys [24/02/2008 02:08 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\System32\drivers\s115obex.sys [24/02/2008 02:08 98568]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 08:43 7408]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [27/03/2009 13:23 23064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bdx REG_MULTI_SZ scan
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN
TCP: {7473ADE0-42A8-4C78-AC92-365A9277BE89} = 194.168.4.100,194.168.8.100
FF - ProfilePath - c:\users\Zahra\AppData\Roaming\Mozilla\Firefox\Profiles\2ur7lm4w.default\
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-16 22:29
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2616.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,1e,d4,dc,f9,21,a8,40,83,37,b4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,1e,d4,dc,f9,21,a8,40,83,37,b4,\

[HKEY_USERS\S-1-5-21-1523817061-2610818172-2760025777-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{87D7C97D-6D24-DF5C-C9BF-282AB38F4D34}*]
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1523817061-2610818172-2760025777-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ADF14159-3E79-D2AF-D9DC-1D4E2BA5E0C7}*]
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-16 22:32:01
ComboFix-quarantined-files.txt 2009-12-16 22:31
ComboFix2.txt 2009-12-12 04:07
ComboFix3.txt 2009-12-10 21:48

Pre-Run: 43,553,624,064 bytes free
Post-Run: 43,489,755,136 bytes free

- - End Of File - - 4A41332CA4F87F0F9209AB95FCC1038C
 
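As an added example (not ComboFix's code and not the helper's procedure), the following Python triages the log format quoted above: it reads the registry loading-point values and the R0/S3 service lines and flags the settings in this log that weaken the system's defences (UAC off, Security Center monitoring disabled), the service whose binary is a .tmp file, and the boot-start drivers, which is where the thread's hijacked disk controller driver lived. SAMPLE_LOG is a constructed excerpt of the posted log; the .tmp entry is a review item only, since the thread does not identify MEMSWEEP2 either way.

```python
"""Triage helper for the ComboFix log format (added example, not ComboFix code)."""
import re
from dataclasses import dataclass

# Constructed excerpt of the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [13/04/2007 15:29 210432]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [11/12/2009 23:22 28552]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/12/2009 22:53 276816]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2616.tmp"
"""

# REGEDIT-style "[key]" headers and "name"=value lines as ComboFix prints them.
REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+?)\s*$')
# Driver/service lines: "<R|S><n> name;display name;image path [date time size]"
SERVICE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[")


@dataclass
class Finding:
    severity: str   # "weakened", "review" or "baseline"
    where: str      # registry key or service name
    detail: str


def reg_int(value: str):
    """Integer of a value as ComboFix prints it: 'dword:00000001' or '0 (0x0)'."""
    v = value.strip().lower()
    if v.startswith("dword:"):
        return int(v[len("dword:"):], 16)
    try:
        return int(v.split()[0])
    except ValueError:
        return None


def parse_reg_values(log: str):
    """Yield (key, name, value) for each value line under its [key] header."""
    key = None
    for line in log.splitlines():
        m = REG_KEY.match(line)
        if m:
            key = m.group("key")
            continue
        m = REG_VALUE.match(line)
        if m and key is not None:
            yield key, m.group("name"), m.group("value")


def parse_services(log: str):
    """Yield (start type, service name, image path) for each service line."""
    for line in log.splitlines():
        m = SERVICE.match(line)
        if m:
            yield m.group("start"), m.group("name"), m.group("path")


def triage(log: str) -> list:
    findings = []
    for key, name, value in parse_reg_values(log):
        k, n = key.lower(), name.lower()
        if k.endswith(r"\policies\system") and n == "enablelua" and reg_int(value) == 0:
            findings.append(Finding("weakened", key, "UAC is off (EnableLUA=0)"))
        elif r"\security center\monitoring" in k and n == "disablemonitoring" and reg_int(value) == 1:
            findings.append(Finding("weakened", key, "Security Center monitoring is disabled"))
        elif n == "imagepath" and value.strip('"').lower().endswith(".tmp"):
            findings.append(Finding("review", key, "service binary is a .tmp file: " + value))
    # Boot-start (R0) drivers load before any AV; the hijacked disk controller
    # driver in this thread was one of these, so list them for baseline comparison.
    for start, name, path in parse_services(log):
        if start == "R0":
            findings.append(Finding("baseline", name, "boot-start driver: " + path))
    return findings


def summarize(findings) -> dict:
    """Count findings per severity, e.g. {'weakened': 3, 'review': 1, 'baseline': 2}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.where}: {f.detail}")
```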

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
Although it seemed a rough go, it successfully replaced the hijacked file. How is the system behaving now?

It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

**Vista users - right click IE icon and run as administrator.


Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click Accept when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
 

· Registered
Joined
·
33 Posts
Discussion Starter · #16 ·
Hi Ried

The system is running much better

I have not experienced redirects since we ran ComboFix last time, but I'm not sure if it is too early to say that the environment is clean.

Please see below the log from Kaspersky online scanner

You will notice that no threats were detected :grin:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, December 17, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, December 17, 2009 18:28:49
Records in database: 3382603
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
E:\
F:\

Scan statistics:
Objects scanned: 133776
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:33:07

No threats found. Scanned area is clean.

Selected area has been scanned.
 

· Registered
Joined
·
33 Posts
Discussion Starter · #17 ·
Hi Ried and Iain

The forum looks so busy, I wish I could help :( but I know nothing about malware.

Thank you both so much for your help so far.

My BitDefender has run a couple of scans and did not report anything.

Is there anything else I need to do?
 

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
Apologies for the delay, I've been a bit under the weather. The logs are clean, so all that's left to do is some final housekeeping. Please do not skip this step, as it will implement some important cleanup procedures, one of which is resetting your System Restore by flushing out previous restore points (which contain the infections) and creating a new restore point for you.



Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /uninstall

--------------------------------------------------------------------

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

WOT - Web of Trust. This is a free browser add on that warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and IE.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • SpywareBlaster is a preventative program. It sets flags in the registry to prevent the running of a specific list of bad spyware related ActiveX controls. It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.


- Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

- Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


Please take some time to read the following articles:



-----------------------------------------------------


**Kindly respond one more time and let me know if we may consider this thread resolved.
 

· Registered
Joined
·
33 Posts
Discussion Starter · #19 ·
Hi Ried,

I'm so sorry for the delay; we had a loss in the family, plus the weather conditions made it so difficult for me to log in to the forum.

I have done the steps you asked and I hope I do not get infected again.

Can you tell me what malware I was infected with? Also, how come these commercial malware protectors do not detect this malware but ComboFix does?

Thanks
Has786
 

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
Hello Has786, and I do wish the best to you and yours during this difficult time.

What you had is most commonly referred to as a TDL3 rootkit. It hijacks your hard disk controller file (in your case atapi.sys) to gain control of your computer. I think you'll find this link to be a good read.

Why didn't your AV see it or be able to stop it, or be able to cure it? It's simply that malware is constantly evolving/mutating. Today's malware interjects itself into the OS and it simply takes time for AV companies to find out about these, and find ways to deal with these safely. I think it's explained rather well here ==> http://www.prevx.com/blog/139/Tdss-rootkit-silently-owns-the-net.html

I hope that helped a bit. :)
 